I know what it does, but I just don't know how I should be using it properly.

Maybe I should stripslashes to clean it up before going in the database and when it's being output, use htmlspecialchars and addslashes. The thing is, I still get puzzled when it's not exactly needed for an echo.

Are you sure you have to stripslashes when retrieving the data from the database?

For example, when inserting a quote ' addslashes converts that to \' and inserts into the MySQL database, which interprets both those characters as a single quote. So, I think there is no need to stripslashes...

The single quote (and other special chars in $search_term) gets escaped, and the SQL query becomes:

$SQL = "SELECT * from article WHERE body LIKE '%Matt\'s Script Archive%' ORDER BY article_id";

and everything works as expected.

The \' tells the SQL parser to interpret it as a single quote, to be stored in the database.

NOTE: PHP can be configured to automatically add these slashes to all FORM (GET/POST) and cookie INPUT from the user (that's what gpc_magic_quotes() is for). So, this would eliminate the need for using addslashes. However, I prefer to explicitly addslashes() and turn off auto slashing.

The stripslashes is used to remove slashes. This is normally only used if you want to remove slashes from user INPUT that were added automatically by PHP (gpc_magic_quotes() function).
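
The round trip discussed in this thread, as an added example that is not code from any of the posts: it shows what the column ends up holding after addslashes, what stripslashes does to retrieved data, and what happens when already-slashed input is escaped a second time. `mysql_literal_value()` and `stored_value()` are hypothetical helpers, and the first is only a simplified model of how MySQL reads an escaped string literal.

```php
<?php
// Hypothetical helper (not a PHP or MySQL function): simplified model of how
// MySQL reads a backslash-escaped string literal, turning \' \" \\ back into
// the bare character. Real MySQL handles more sequences (\0, \n, ...).
function mysql_literal_value(string $escaped): string
{
    return preg_replace('/\\\\(["\'\\\\])/', '$1', $escaped);
}

// What ends up in the column when $value is escaped once and put in a query.
function stored_value(string $value): string
{
    return mysql_literal_value(addslashes($value));
}

// Constructed sample inputs: one with a quote, one with real backslashes.
$samples = ["Matt's Script Archive", 'C:\temp\new'];

foreach ($samples as $input) {
    $stored = stored_value($input);
    printf("input:            %s\n", $input);
    printf("in the SQL text:  %s\n", addslashes($input));
    printf("stored in column: %s\n", $stored);
    // Stripping slashes from retrieved data removes backslashes that belong to it.
    printf("after stripslashes on retrieval: %s\n", stripslashes($stored));
    // Output escaping is a separate step, applied when the value enters HTML.
    printf("for HTML output:  %s\n\n", htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

// Auto-slashing case: input arrives already slashed (simulated here with
// addslashes, since the setting may be off or absent on the running PHP).
$auto_slashed = addslashes($samples[0]);
printf("escaped twice, stored:      %s\n", stored_value($auto_slashed));
printf("stripslashes first, stored: %s\n", stored_value(stripslashes($auto_slashed)));
```

The second sample is the case to watch: the stored value is identical to the input, and stripslashes on retrieval silently deletes its backslashes.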